If you believe your Engager account has been compromised, it’s critical to act immediately to protect your firm, your clients, and your data.
This guide outlines the essential steps you should take.
1. Secure Your Account
Change your password immediately via your login screen or profile settings.
If you're unable to access your account, contact us urgently at contact@engager.app so we can suspend access and assist you in regaining control.
Recommended password tips:
- Use a strong, unique password (e.g. a mix of uppercase, lowercase, numbers, and symbols).
- Avoid using the same password across multiple services.
- Consider using a password manager.
- Force log out all users. This will ensure they're logged out from all devices.
- Set up 2FA if you haven't already.
2. Notify Engager Support
As soon as you've regained access, or if you're locked out, report the incident to our team via contact@engager.app.
Please include:
- Your firm name and affected user email(s)
- Date and time you noticed the suspicious activity
- A brief summary of what happened (e.g. suspicious logins, unauthorised changes, unusual emails sent)
Our team will investigate and advise on any next steps, including a security review of your account activity.
3. Check for Unauthorised Access or Changes
Review the following within Engager:
- Client records: Look for any new or deleted clients.
- Letters of engagement or documents: Check for any unauthorised changes or downloads.
- Emails: Review the communication history and ensure no misleading emails were sent.
- User access: Go to Settings > System Users and confirm there are no unknown users added.
If you spot anything suspicious, notify our team straight away.
4. Inform Affected Clients (if necessary)
If it appears any client data has been accessed, you may need to inform them directly depending on your obligations under the UK GDPR and ICO guidelines.
Include:
- What happened
- What information may have been exposed
- Any actions you’ve taken (e.g. password reset, platform audit)
- What steps they may need to take (e.g. ignore suspicious emails, change passwords)
📌 Tip: Keep your communication calm, honest, and professional.
5. Report the Breach (if required)
If client personal data has been compromised, you're likely required to report this to the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach.
6. Review & Improve Your Security Setup
Going forward, we recommend:
- Enabling two-factor authentication (2FA) on your email accounts and any linked platforms.
- Regularly reviewing your user access list in Engager.
- Educating your team on phishing emails and suspicious activity.
Need Help?
Our team is here to support you. If you're ever unsure what to do, contact contact@engager.app as soon as possible and we’ll guide you through the next steps.